From 7654161dbf622d797029a9ae2a4bfa0893787874 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Tue, 4 Jun 2019 17:14:43 +0100 Subject: [PATCH] psa: Add NV seed as an entropy source when needed When MBEDTLS_PSA_INJECT_ENTROPY is used, we now require also defining MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES. When MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES is defined, we do not add entropy sources by default. This includes the NV seed entropy source, which the PSA entropy injection API is built upon. The PSA entropy injection feature depends on using NV seed as an entropy source. Add NV seed as an entropy source for PSA entropy injection. Fixes e3dbdd8d9082 ("Gate entropy injection through a dedicated configuration option") --- library/psa_crypto.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c9ee8c9901..3c318727fd 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4639,6 +4639,15 @@ psa_status_t psa_crypto_init( void ) /* Initialize the random generator. */ global_data.entropy_init( &global_data.entropy ); +#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \ + defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) + /* The PSA entropy injection feature depends on using NV seed as an entropy + * source. Add NV seed as an entropy source for PSA entropy injection. */ + mbedtls_entropy_add_source( &global_data.entropy, + mbedtls_nv_seed_poll, NULL, + MBEDTLS_ENTROPY_BLOCK_SIZE, + MBEDTLS_ENTROPY_SOURCE_STRONG ); +#endif mbedtls_ctr_drbg_init( &global_data.ctr_drbg ); global_data.rng_state = RNG_INITIALIZED; status = mbedtls_to_psa_error(